Privacy Policy.
This privacy policy forms the basis of how Enrich Limited (Enrich), Enrich GI Limited (Enrich GI) and Enrich Mortgages Limited (Enrich Mortgages) all trading as Enrich Financial, will handle, process, manage, store and destroy private personal information.
Scope.
This privacy policy applies to all Enrich Financial personnel and Financial Advisers operating under Enrich’s FAP licence, herein after also referred to as Enrich, ‘we’ and ‘our team’.
Personal Information.
Privacy at Enrich is subject to the Privacy Act 2020 and associated Information Privacy Principles, which cover the collection, handling and use of personal information.
Enrich provides financial advice and related support services to its clients. To enable this we collect, hold and use personal client information. Enrich is committed to ensuring that the privacy of personal information is protected, and we strive to uphold best practice privacy standards in the collection, storage and use of personal information.
Privacy Policy Statement.
Personal information in Enrich’s care will be managed as carefully and respectfully as if it were our own.
Collection of Personal Information.
Enrich commits to collecting information only for the purposes linked to our organisational functions.
Enrich commits to making customers aware of the collection of information, our purposes for doing so, and their rights to access and correct that information.
Enrich collects personal information from a variety of sources, including during the client on-boarding process. We may collect this information using a range of methods (e.g. face-to-face, email, phone etc) and in various formats (e.g. forms, letters, electronic file notes, recorded conversations etc).
We must record in writing (including digitally) adequate information regarding any personalised services provided to the retail client. Recorded information for each client must be able to demonstrate compliance with Code Standard 5 and include copies of all information and documents provided to, or received from, your client in writing, in connection with personalised services.
Enrich will comply with all obligations under the Privacy Act 2020. This includes obligations in relation to the use and disclosure of clients’ personal information and protection of that information from loss and unauthorised access, use, modification, or disclosure.
Storing, Accessing and Availability of Personal Information.
Enrich commits to maintaining all reasonable safeguards against the loss, misuse or inappropriate disclosure of personal information, and maintaining processes to prevent unauthorised use or access to that information.
We will provide individuals with access to their personal information, where appropriate, and respect the individual’s right to seek amendment of factually incorrect information.
Enrich will keep physical documents secure when there is a business need to take them outside of Enrich premises.
We will keep electronic personal information secure by ensuring our data storage is protected from external sources, maintaining regular back up of data to secure storage and applying best practice for information security management.
Enrich may use cloud computing to manage and store information. Cloud computing is hardware or software delivered as a service over the internet.
Enrich will acknowledge and respond to requests for personal information within 20 working days of the request being made.
Where a person seeks correction of personal information held by Enrich, we will first respond to that request and inform them of resulting action. This may be in the form of correction of factual information or attaching a statement of correction to the information held by Enrich.
Use and Maintenance of Personal Information.
Enrich commits to only using or disclosing personal information for the purposes for which it is collected. We will take reasonable steps to ensure that the information is complete, relevant and up to date. We will also engage the customer who owns that information in ensuring its quality.
Enrich will not use or disclose information for a purpose that is inconsistent with the original purpose of collection unless legislatively required to do so or where we have consent.
Enrich uses personal information to fulfil its role of providing personalised financial advice services. Enrich will use personal information only for the purposes consistent with the reasons it was provided. Enrich may share this information with product providers to enable it to fulfil its role.
Enrich will support product providers that are supplied personal information by Enrich to protect that information.
Archiving and Destruction of Personal Information.
Enrich will maintain and implement retention and disposal policies for personal information consistent with this privacy policy.
Privacy Incidents.
A privacy incident includes a breach, a near miss, or actions where Enrich does not comply with the provisions of privacy legislation.
Enrich’s employees and contractors will endeavour to resolve privacy incidents at source with the affected parties at the time it comes to their attention.
Enrich will have clear, consistent processes for managing and escalating privacy related incidents, which will follow clear lines of responsibility.
All privacy incidents shall be recorded by Enrich. Affected parties will be notified as soon as practicable (unless a risk to health and/or safety is identified), if the incident is serious and likely to cause harm to the individual.
Responsibilities for Personal Information.
Enrich has the following roles and responsibilities embedded in the organisation.
The Management Team:
- is responsible for ensuring the organisation is aware of the need to look after customers’ information through high-quality monitoring and information management practices; and
- will model best privacy practices and ensure privacy is core to all aspects of Enrichs culture.
Enrich has currently nominated its Chief Executive Officer (CEO) as Privacy Officer. The Privacy Officer acts as the single point of contact for all matters relating to privacy. The Privacy Officer oversees investigations into privacy-related complaints lodged with the Privacy Commissioner and Enrich.
All Enrich employees and contractors will ensure that this policy is embedded within their area of responsibility. They will also ensure that processes are used consistently to collect, use, store and destroy privacy related information, and will report any privacy incidents to the Privacy Officer.
All Enrich employees and contractors will:
- maintain best practice privacy behaviours;
- promote privacy at work;
- actively participate in privacy training;
- report all privacy breaches and near misses to managers; and
- identify privacy risks.
Further Obligations.
Enrich will:
- train and inform its employees and contractors of this privacy policy, and ensure the above principles are applied when fulfilling their role within Enrich;
- endeavour to protect the privacy of its employees and contractors; and
- regularly review Enrich’s business processes that relate to the collection, recording, access, use, storage and destruction of personal information to ensure they remain relevant and use best practice.
Authorisation Hierarchy.
We have clear levels of authorisation and a robustly controlled authorisation hierarchy to limit access to all our team on a need-to-know basis to client information.
Copies of original documents must be scanned, archived and filed with relevant forms being easily retrievable if required by a regulator and/or external auditor. Documents can be held in digital archive format.
Controls.
Key Control
Privacy Breach Register
How Implemented
The Privacy Officer will record all privacy breaches in this register.
Responsibility
Privacy Officer
Related Policies.
- Code of Conduct Policy
- Product Provider Selection Policy
- Complaint Management Policy
- Conflicts of Interest Policy
- Information Systems Security Policy
Other References.
- Financial Markets Conduct Act 2013
- Consumer Guarantees Act 1993
- Fair Trading Act 1986
Review of Privacy Policy.
This privacy policy and supporting procedures will be reviewed at least annually or whenever a significant change or event necessitates.
Approval.
Chief Executive Officer: Rodney Varga
Version Control.
2023.1
If you live for having it all, what you have is never enough.”
Vicki Robin